Field
Embodiments of the invention relate to the field of network services; and more specifically to Internet-based security and performance services.
Background
Internet servers, by their nature, are accessible via the Internet and are capable of being compromised and/or attacked. These attacks include, among other things, blog or other comment spam POSTs, SQL injection POSTs, cross-site scripting POSTs, denial of service (DoS) attacks, query floods, excessive bandwidth use, or requests that exploit other known weakness of the servers. Attacks may be implemented using botnets (or sometimes referred to as bots), which are typically infected personal computers running on home or office networks. The personal computers may be infected in a number of ways, for example by visiting a site with malicious code, executing software that installs malicious code, etc. The legitimate users of these infected personal computers are often unaware of the infection and their use in a botnet attack.
Web application firewalls (WAFs), which are either hardware devices installed in a network operator's data center or software that is installed on the web server, may monitor traffic routed to the web server in order to detect and stop potential attacks. Unlike traditional firewalls that focus on the network layer, web application firewalls perform deep packet inspection to look for attack signatures at the application level.